Understanding Amazon Macie Onboarding Process

Nov 26, 2024

Lecture on Amazon Macie Onboarding and User Experience

Introduction

  • Overview of the new user experience for Amazon Macie.
  • Integration with AWS Organizations to manage Macie across multiple accounts.

Getting Started with Macie

  • Delegating Admin Account:
    • Master account can delegate an admin account.
    • Admin account can manage Macie settings across all organization accounts.
  • Enable Macie Across Organization:
    • Easily add all accounts.
    • Auto-enable new accounts joining the organization.
    • Provides visibility into all buckets created and managed.

Dashboard Features

  • Key Controls and Metrics:
    • Public access status
    • Encryption status
    • Sharing status with internal and external users
  • Visibility Across Accounts:
    • Total storage, object count, and buckets

Policy Findings and Alerts

  • Alerts generated on changes such as:
    • Public access status
    • Encryption policy changes
    • External sharing of buckets
  • Integration with Security Hub and CloudWatch:
    • Policy findings sent to these platforms.
    • Allows automation for unexpected changes.

Bucket Configuration and Object Visibility

  • Bucket Evaluation:
    • Policies, ACLs, and public access features
    • Replication status
  • Object Level Encryption Visibility:
    • Types of encryption (S3 server-side, KMS)
    • Total size and compressed object evaluation for billing

Sensitive Data Discovery Jobs

  • Creating a Discovery Job:
    • One-time or scheduled jobs
    • Sampling depth and filtering options
  • Custom Data Identifiers:
    • Define specific identifiers using regex
    • Test expressions with sample data
  • Job Naming and Management:
    • Immutable jobs with Amazon Resource Names (ARNs)
    • Unlimited job creation
  • Findings and Reporting:
    • Detailed result outputs for compliance
    • Integration with automated response tools
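
Added example (not from the lecture or from AWS): a local Python harness for the "test expressions with sample data" step, showing how keywords, ignore words and a maximum match distance narrow a regex-only custom data identifier before it is used in a discovery job. Assumptions: Python's `re` stands in for Macie's regex engine, the proximity rule is an approximation of Macie's behaviour, and the `EMP-######` format, field names and sample text are constructed.

```python
import re
from dataclasses import dataclass

@dataclass
class CustomIdentifier:
    # Field names are this example's own; the semantics are an approximation.
    regex: str
    keywords: tuple = ()      # one must precede the match (case-insensitive)
    ignore_words: tuple = ()  # matches containing one are dropped (case-sensitive)
    max_distance: int = 50    # characters from keyword end to match end

def keyword_nearby(ident, text, match):
    """True if a keyword ends before the match and within max_distance of its end."""
    prefix = text[:match.start()]
    for kw in ident.keywords:
        ends = [k.end() for k in re.finditer(re.escape(kw), prefix, re.IGNORECASE)]
        if ends and match.end() - ends[-1] <= ident.max_distance:
            return True
    return False

def find_matches(ident, text):
    """Return the matched strings the identifier would report for text."""
    hits = []
    for m in re.finditer(ident.regex, text):
        if any(word in m.group(0) for word in ident.ignore_words):
            continue  # known placeholder or test value
        if ident.keywords and not keyword_nearby(ident, text, m):
            continue  # pattern matched but there is no supporting context
        hits.append(m.group(0))
    return hits

# Constructed sample data; the EMP-###### format is hypothetical.
SAMPLE = (
    "Employee ID: EMP-104233 was onboarded in March.\n"
    "Template staff number EMP-000000 is a placeholder.\n"
    "Shipping label EMP-778812 left the dock.\n"
    "Staff number (legacy): EMP-220019\n"
    "Note: EMP-555111 is the employee id on file.\n"
)

PATTERN = r"\bEMP-\d{6}\b"
BARE = CustomIdentifier(regex=PATTERN)
TUNED = CustomIdentifier(regex=PATTERN, keywords=("employee id", "staff number"),
                         ignore_words=("EMP-000000",), max_distance=30)

if __name__ == "__main__":
    print("regex only:", find_matches(BARE, SAMPLE))
    print("tuned     :", find_matches(TUNED, SAMPLE))
```

The regex alone reports every `EMP-` token, including the template placeholder and the shipping label; the tuned identifier reports only the two values that follow a keyword within 30 characters.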

Usage and Compliance

  • Monitoring Use and Quotas:
    • Track usage and trial accounts
    • Default quota of 5 TB, expandable to 25 TB
  • Free Trial Features:
    • 30-day bucket inventory and policy evaluation
    • First GB of sensitive data discovery free per account/month

Conclusion

  • Quick start with a free trial for Amazon Macie.
  • Encouragement to utilize the trial and explore features.